Add support for aggregation_rule to cluster_role resource (#911)

Add support for `aggregation_rule` to `cluster_role` resource. https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
hashicorp · Aug 21, 2020 · c321a65 · c321a65
1 parent ce6a7dc
commit c321a65
Show file tree

Hide file tree

Showing 4 changed files with 398 additions and 91 deletions.
diff --git a/kubernetes/resource_kubernetes_cluster_role.go b/kubernetes/resource_kubernetes_cluster_role.go
@@ -27,12 +27,31 @@ func resourceKubernetesClusterRole() *schema.Resource {
 			"rule": {
 				Type:        schema.TypeList,
 				Description: "List of PolicyRules for this ClusterRole",
-				Required:    true,
+				Optional:    true,
+				Computed:    true,
 				MinItems:    1,
 				Elem: &schema.Resource{
 					Schema: policyRuleSchema(),
 				},
 			},
+			"aggregation_rule": {
+				Type:        schema.TypeList,
+				Description: "Describes how to build the Rules for this ClusterRole.",
+				Optional:    true,
+				MaxItems:    1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"cluster_role_selectors": {
+							Type:        schema.TypeList,
+							Description: "A list of selectors which will be used to find ClusterRoles and create the rules.",
+							Optional:    true,
+							Elem: &schema.Resource{
+								Schema: labelSelectorFields(true),
+							},
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -48,6 +67,11 @@ func resourceKubernetesClusterRoleCreate(d *schema.ResourceData, meta interface{
 		ObjectMeta: metadata,
 		Rules:      expandClusterRoleRules(d.Get("rule").([]interface{})),
 	}
+
+	if v, ok := d.GetOk("aggregation_rule"); ok {
+		cRole.AggregationRule = expandClusterRoleAggregationRule(v.([]interface{}))
+	}
+
 	log.Printf("[INFO] Creating new cluster role: %#v", cRole)
 	out, err := conn.RbacV1().ClusterRoles().Create(&cRole)
 	if err != nil {
@@ -71,6 +95,10 @@ func resourceKubernetesClusterRoleUpdate(d *schema.ResourceData, meta interface{
 		diffOps := patchRbacRule(d)
 		ops = append(ops, diffOps...)
 	}
+	if d.HasChange("aggregation_rule") {
+		diffOps := patchRbacAggregationRule(d)
+		ops = append(ops, diffOps...)
+	}
 	data, err := ops.MarshalJSON()
 	if err != nil {
 		return fmt.Errorf("Failed to marshal update operations: %s", err)
@@ -108,8 +136,16 @@ func resourceKubernetesClusterRoleRead(d *schema.ResourceData, meta interface{})
 	if err != nil {
 		return err
 	}
-	d.Set("rule", flattenClusterRoleRules(cRole.Rules))
-
+	err = d.Set("rule", flattenClusterRoleRules(cRole.Rules))
+	if err != nil {
+		return err
+	}
+	if cRole.AggregationRule != nil {
+		err = d.Set("aggregation_rule", flattenClusterRoleAggregationRule(cRole.AggregationRule))
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }